NASA's 10 Rules for Developing Safety-Critical Code
NASA Jet Propulsion Laboratory’s Laboratory for Reliable Software developed a set of coding guidelines for safety-critical code. The rules are intended to eliminate C coding practices that make code difficult to review, or difficult to analyze properly with static analysis tools.
NASA’s 10 Rules
NASA’s 10 rules for developing safety-critical code are:
- Restrict all code to very simple control flow constructs: do not use goto statements, setjmp or longjmp constructs, or direct or indirect recursion.
- Give all loops a fixed upper bound.
- Do not use dynamic memory allocation after initialization.
- No function should be longer than what can be printed on a single sheet of paper in a standard format with one line per statement and one line per declaration.
- The code's assertion density should average at least two assertions per function.
- Declare all data objects at the smallest possible level of scope.
- Each calling function must check the return value of nonvoid functions, and each called function must check the validity of all parameters provided by the caller.
- The use of the preprocessor must be limited to the inclusion of header files and simple macro definitions.
- Limit pointer use to a single dereference, and do not use function pointers.
- Compile with all possible warnings active; all warnings should then be addressed before the release of the software.
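The following C module is an added illustration of how several of these rules look in practice; it is not code from NASA/JPL, Klocwork, or the original page, and the record pool, field sizes, and error codes are invented for the example. It reserves its storage statically instead of allocating after initialization (rule 3), gives every loop an upper bound a reviewer can verify (rule 2), carries at least two assertions per function (rule 5), validates parameters and returns a status that callers must check (rule 7), and never dereferences more than one level (rule 9).

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative example only. Pool sizes are fixed at compile time so that
 * no dynamic allocation is ever needed after initialization (rule 3). */
#define MAX_RECORDS   8U
#define MAX_FIELD_LEN 16U

typedef struct {
    uint32_t id;
    char name[MAX_FIELD_LEN];
} record_t;

static record_t records[MAX_RECORDS];   /* statically reserved storage */
static uint32_t record_count = 0U;

/* Copies src into dst, never writing past dst_len bytes.
 * Returns true if the whole string fit, false on bad arguments or truncation.
 * The loop bound is dst_len - 1, a value a static checker can see (rule 2). */
static bool bounded_copy(char *dst, size_t dst_len, const char *src)
{
    uint32_t i;
    if (dst == NULL || src == NULL || dst_len == 0U) {   /* rule 7: validate */
        return false;
    }
    assert(dst_len <= MAX_FIELD_LEN);   /* only pool-sized buffers are used here */
    for (i = 0U; i < dst_len - 1U; i++) {
        if (src[i] == '\0') {
            break;
        }
        dst[i] = src[i];                /* single dereference per access (rule 9) */
    }
    dst[i] = '\0';
    assert(i < dst_len);                /* terminator always lands inside dst */
    return src[i] == '\0';              /* false means the source was truncated */
}

/* Adds a record to the pool. Returns 0 on success, a negative code otherwise;
 * the pool is never grown, so exhaustion is reported rather than hidden. */
static int add_record(uint32_t id, const char *name)
{
    record_t *slot;
    if (name == NULL) {
        return -1;                      /* invalid parameter */
    }
    if (record_count >= MAX_RECORDS) {
        return -2;                      /* pool exhausted */
    }
    assert(record_count < MAX_RECORDS);
    slot = &records[record_count];
    if (!bounded_copy(slot->name, sizeof slot->name, name)) {
        return -3;                      /* name did not fit: record not committed */
    }
    slot->id = id;
    record_count++;
    assert(record_count <= MAX_RECORDS);
    return 0;
}

/* Returns the index of the record with the given id, or -1 if absent.
 * The bound is the pool size, a compile-time constant, not the live count. */
static int find_record(uint32_t id)
{
    uint32_t i;
    int found = -1;
    assert(record_count <= MAX_RECORDS);
    for (i = 0U; i < MAX_RECORDS; i++) {
        if (i < record_count && records[i].id == id) {
            found = (int)i;
            break;
        }
    }
    assert(found < (int)MAX_RECORDS);
    return found;
}

/* Exposed for callers and tests instead of touching the static variable. */
static uint32_t record_total(void)
{
    assert(record_count <= MAX_RECORDS);
    return record_count;
}

static void reset_records(void)
{
    record_count = 0U;
    assert(record_count == 0U);
}

int main(void)
{
    int rc = add_record(7U, "ACS");          /* rule 7: every status is checked */
    if (rc != 0) {
        printf("add_record failed: %d\n", rc);
        return 1;
    }
    rc = add_record(9U, "a-name-far-longer-than-the-field");
    printf("oversized name rejected with code %d, pool holds %u record(s)\n",
           rc, (unsigned)record_total());
    printf("lookup of id 7 -> index %d, id 9 -> index %d\n",
           find_record(7U), find_record(9U));
    return 0;
}
```

Build it the way rule 10 asks, with every warning enabled and treated as an error, for example `cc -std=c99 -Wall -Wextra -Wpedantic -Werror`; the one-per-line declarations and short functions also keep each routine well inside the single-page limit of rule 4.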
How to Implement Safety-Critical Code
The best way to ensure that code follows these rules is to check it with a static code analyzer, which can enforce them consistently across an entire code base rather than relying on manual review.
Enforce NASA Compliance with Klocwork
Running static analysis is an important part of the process of developing safety-critical applications and is a tool to use when complying with functional safety standards, such as IEC 61508 and EN 50128. Klocwork can check your code against the NASA coding practice guidelines to automatically flag violations and enforce your coding standard.
Try Klocwork for Safety-Critical Code
See for yourself how Klocwork helps ensure safety-critical code.